TheCommunicator
asked on
Audit Failure event in security logs of Domain controller
Hi,
I am checking some security event logs on the domain controller and what I am seeing is a lot of Audit failure logs. The surprising thing is that these audit failure events are coming from the only computers on the network which are on the same network BUT NOT ON DOMAIN. I am not sureif it is a particular type of bot or virus attack.
Any suggestions?
I am checking some security event logs on the domain controller and what I am seeing is a lot of Audit failure logs. The surprising thing is that these audit failure events are coming from the only computers on the network which are on the same network BUT NOT ON DOMAIN. I am not sureif it is a particular type of bot or virus attack.
Any suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Any persistent mappings from those systems using domain creds?
ASKER
Oh yes actually these computers browse to some of the folders on these servers.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Can you please explain? stored password which are out of date?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well, i checked. They do not use any credential manager facility.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It is Logon type 3.
ASKER
I am attaching the snapshot
Audit-Failure.png